Back to skill
Skillv2.0.1
VirusTotal security
Polyclawster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:12 AM
- Hash
- 2eb14aecfac21f7809cae3a6d983d4742e42d10121fe7bdf7bb70f307ece379b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polyclawster-agent Version: 2.0.1 The skill is a Polymarket trading bot that manages a local Polygon wallet and uses a third-party relay (polyclawster.com) for geo-bypass and transaction submission. While the documentation is extensive and the logic appears consistent with its stated purpose, the code in scripts/setup.js and scripts/trade.js employs minor obfuscation (string replacement like 'agentKey'.replace('agent', 'private')) to hide the access of the 'privateKey' property from static analysis. Handling raw private keys and routing signed transactions through a centralized relay (polyclawster.com) introduces significant security risks, although no clear evidence of intentional key exfiltration was found.
- External report
- View on VirusTotal